Lucene search

HackeroneCVELIST:CVE-2023-46810

HistoryMay 31, 2024 - 5:38 p.m.

CVE-2023-46810

2024-05-3117:38:31

hackerone

www.cve.org

cve-2023-46810

ivanti secure access client

linux

privilege escalation

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS

Percentile

9.0%

JSON

A local privilege escalation vulnerability in Ivanti Secure Access Client for Linux before 22.7R1, allows a low privileged user to execute code as root.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "vendor": "Ivanti",
    "product": "Secure Access Linux",
    "versions": [
      {
        "version": "22.7R1",
        "status": "affected",
        "lessThan": "22.7R1",
        "versionType": "semver"
      }
    ]
  }
]

References

forums.ivanti.com/s/article/Security-Advisory-May-2024

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2023-46810